The Lucretius Problem of Biosecurity
A short response to "Reasons to be pessimistic (and optimistic) on the future of biosecurity."
“A little river seems to him, who has never seen a larger river, a mighty stream; and so with other things –– a tree, a man –– anything appears greatest to him that never knew a greater.” –De Rerum Natura, Titus Lucretius Carus
This is a short response to Reasons to be pessimistic (and optimistic) on the future of biosecurity by Abhishaike Mahajan. I highly recommend reading it.
It is overall an excellently written and researched piece, which deserves the praise its been receiving online from the biosecurity community. However, I vehemently disagree with some of its conclusions, and wanted to lay out those disagreements for other readers. (There are some other disagreements I have which I think are less important, but may add at a later date.)
Treaties Are Not Enough
First, Mahajan states that he is not scared of state-actors, “because most states have too much to lose by violating the Biological Weapons Convention.”
However, earlier in the piece, he mentions the Soviet’s Biopreparat program:
It was the largest biological weapons program in human history, employing over 60,000 people at its peak, and spent years trying to weaponize smallpox and plague. And it worked. Some insane lines from a Frontiers article about the program attached here, bolding by me:
Some Biopreparat and military facilities continuously produced agents and filled the delivery systems kept on standby. For example, the Soviets annually made about two metric tons of antibiotic-resistant pneumonic plague and 20 tons of liquid smallpox grown in eggs. Refrigerated bunkers stored the bulk smallpox, which had a 6 to 12-month shelf life, and also contained filling lines for munitions and spray tanks.
….The Corpus One building of The State Scientific Center of Applied Microbiology at Obolensk contains 42-story tall fermenters, separated into different biosafety containment zones, to make plague and other agents.
Building 221 at The Scientific Experimental and Production Base at Stepnogorsk housed 10 four-story-high, 20,000-liter fermenters and could make 300 metric tons of anthrax in 10 months. Other production lines at Kurgan, Penza, and Sverdlovsk could add hundreds more tons to the USSR’s prodigious capability to make biowarfare agents and fill munitions on short notice.
Fortunately for us, the Soviet economy collapsed before this stockpile could be used for anything world-ending.
The Soviets signed the Biological Weapons Convention just as they were massively accelerating this program. As I wrote in a previous post, “In 1971, while the BWC was still being negotiated, the Soviets started planning a massive expansion of their (existing) offensive biological weapons program. They signed the BWC in 1972.”
The BWC has been violated continuously since its signing. At every BWC Review Conference from 1986–2001, states publicly accused others of non-compliance. The Soviet Union was named at the 2nd, 3rd, and 4th conferences. At the 5th Review Conference in 2001, the U.S. charged five states –– Iran, Iraq, Libya, North Korea, and Syria –– with operating covert programs. After the 5th Review Conference, the U.S. shifted its compliance accusations to their annual reports on disarmament compliance, which they have been publishing (with a few gaps) since 1984. The State Department has raised BWC non-compliance concerns in every published report.
The intelligence community consensus is that bioweapons development programs still exist in multiple countries, all of whom signed the BWC.
Indeed, the most recent 2025 report from the Department of State affirmed that Russia and North Korea maintain offensive biological weapons programs. It raised continued compliance concerns re: Iran and China, noting that PLA military medical institutions are conducting research with potential bioweapons applications, and warned (for the first time) that China is capable of using publicly available AI/ML tools to advance efforts related to bioweapons. And this is just the public intel.
This treaty should not in any way eliminate one’s fear that a state actor would develop and use bioweapons. It has no real mechanism for verification or enforcement body.
If you need more evidence that state actors are a threat, here is a direct quote from the unclassified U.S. Chemical and Biological Defense Program (FY) 2026 Budget Estimates:
China engages in CB research with possible military applications while the People’s Liberation Army (PLA) has declared biology a new domain of war. PLA strategic documents state that biological weapons can have lethal applications. More recently, PLA documents refer to chemical and biological agents as a way to “paralyze combat effectiveness on a large scale or accurately,” showing that adversaries now see chemical and biological warfare as a potential condition on all military operational missions throughout the continuum of conflict. Both Russia and North Korea have offensive CB weapon programs…(and) Iran is not in compliance with the Chemical Weapons Convention and is researching biological agents and toxins for military purposes.
These PLA documents are public. The PLA directly identified biology “as a domain of military struggle” in their (also public) 2017 Science of Military Strategy textbook for the Academy of Military Sciences.
Mahajan also says “if they are willing to let loose anyway, I believe they would opt for either easier-to-use-and-control chemical or nuclear weapons instead.” The strategic case for state actors to use bioweapons is not weak. They allow for plausible deniability (Mahajan acknowledges this) because attribution is difficult, making them a compelling choice for military action below the threshold of open war. They are also uniquely destructive, propagating in a way no other weapon can.
I believe we should take state actors seriously and think it is a grave mistake not to. When the public evidence for state actors’ interest in bioweapons is overwhelming and the State Department is concerned, I don’t understand how one could think they are not a threat.
We Should Not Assume Scaling is Symmetric
Mahajan then states:
I am not scared of people creating extremely engineered pathogens that have capabilities far beyond existing ones—because the existing ones are already quite good and difficult enough to work with—especially because even if the AI tools get good enough to make it worth it, I believe the same AI tools will be just as useful in countermeasure design.
Not only is he correct to realize in the very next sentence that “attack requires one success while defense requires comprehensive coverage,” but in a scenario like this there is massive asymmetry between the technologies’ time frames. You can spend years developing a novel virus, but you don’t have that kind of time to develop countermeasures while people are dying. They will likely always scale asymmetrically because of this.
There is also a massive cost asymmetry. It is much cheaper to develop a weapon than to design, produce, and distribute MCMs. For weapons, our bodies are the production and distribution. The cost asymmetry is orders of magnitudes in size. In 2017 biologists showed that they could synthesize a poxvirus for $100,000 using only commercially available tools and techniques. In contrast, producing a new vaccine or antiviral costs billions of dollars: 10,000 times more.
Mahajan’s belief that the “swiss-cheese security model will prevail” in spite of this is simply that –– a belief. Moreover, the essay itself points to many more holes in each biosecurity layer than would be acceptable if such a security model was to work effectively.
Individual Actors Are a Risk
Lastly for the “why I am not scared” section, Mahajan states:
I am not scared of individual actors, because the economics of bioweapons production likely do not work in their favor. Yes, they can rent upstream services—virus production, purification—but the downstream weaponization work requires custom protocols that CROs have no economic incentive to develop. Moreover, given that the weaponization will almost definitely be a bespoke, hands-on R&D project and not one that is easily automated, it feels unlikely that nobody at the CRO will raise an eyebrow.
The biggest problem I have with this is the statement that “it feels unlikely that nobody at the CRO will raise an eyebrow.” CROs process thousands or tens of thousands of orders. This statement relies on someone noticing and reporting, and another someone subsequently taking that report seriously. CRO work is modular/compartmentalized. Without a security system in place to catch bad actors, we absolutely cannot assume that someone in the workflow will notice, care, report, and be listened to.
I have other problems with it as well, chief of which is that this argument somewhat assumes that weaponization must go through a CRO, which is false. Mahajan himself points out how quickly benchtop DNA synthesis is improving:
…benchtop DNA synthesizers are getting longer-range. In other words, you could neatly side-step all these screening checks by buying your own DNA-creation machine, and running synthesis in your bedroom. Right now, the best commercially available benchtop synthesizers tops out at about 120 base pairs per well, which, given that real viruses are on the order of dozens of kilobases, means we’re safe for now. But there is no functional reason that they cannot get any better
Mahajan also acknowledges the difficulties with screening synthesis providers if an individual decides to mail order their nucleotides. He points out that “screening only works if you’re ordering sequences long enough to screen” and that “screening assumes you’re looking for known threats, which is to say, sequences with similarities to characterized pathogens.” He also points out the risk of split-order attacks:
…you could simply split your order across multiple machines, synthesizing fragments that are each too short to trigger any screening individually, but that assemble into something very much on a select agent list once stitched together.
All in all, a sufficiently motivated individual, even if they could not do it today, will likely be able to in the not-distant future. All trendlines point to this. We should be sprinting to build security and defense infrastructure that includes individuals and small groups as a significant risk.
The Lucretius Problem
Finally, Mahajan says that in all of his conversations, “everyone generally agreed that an honest-to-god, bioterrorist attack is unlikely. It is a low probability event.” People’s thinking on these things tends to be subject to normalcy bias and the Lucretius problem. People assume that the worst thing that has happened is the worst thing that can happen. What would “everyone” have said in the 1930s about the likelihood of someone building the type of bomb that could destroy whole cities and using it within a decade? What might they have said in 2000 about airplanes being essentially missiles, if someone were willing to kill themselves in their attack?
We have already had multiple small scale bioterrorist attacks. The 2001 anthrax attacks killed five people, the Aum Shinrikyo cult launched ~10 biological attacks, and the Rajneeshee cult contaminated salad bars with Salmonella in 1984, leading to 751 people getting sick. Yes, they were small-scale and unsuccessful, but they are strong evidence that motivation for bioterrorism attacks exists and the question is one of competence. As Mahajan points out, the Aum Shinrikyo anthrax attack on Kameido failed largely because they accidentally acquired a vaccine strain of Bacillus anthracis and got their concentrations wrong. Competency is increasingly for sale and the barriers that stopped Shinrikyo are measurably lower today.
In my opinion, this is closer to an inevitability than a low probability event. It is surprising that it hasn’t happened yet. (And I think it is very worth wondering about why this is the case.) What is not inevitable is our response –– I remain highly optimistic that we can build and maintain the infrastructure necessary to achieve real biosecurity.
Wow. Brutal takedown